Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

Is the update and application of new AWAF attack signatures "Service Affecting"?

Go to solution
Wasfi_Bounni
Cirrocumulus
Cirrocumulus

‎24-Sep-2023 04:01

Hi;

Is the update and application of new AWAF or ASM attack signatures "Service Affecting"? Also does applying the new attack signatures entail a reboot of the device?

Kindly

Wasfi

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
Mohamed_Ahmed_Kansoh
MVP
MVP

‎24-Sep-2023 06:51 - edited ‎24-Sep-2023 06:54

Hi @Wasfi_Bounni , 
Yes , it may impcat you. 

and not it depends : 

  1. you want to enforce signtaures immediately. ( may impact you and produce false positives ) 
  2. you can keep these signature under learning for a while ( Readness period "default 7 days" ) 

Open ( Security >> Application security >> Learning and blocking settinngs >>> Attack signatures ) 

- If you want to enforce it directley : 
open this : 

Mohamed_Ahmed_Kansoh_0-1695562069131.png

 

Make sure ( you're selecting enforce updated rule immediately ...... ). 
>>> by doing this all newly updated signature will be enforced directly. 

- If you want to keep updated signature for a while and in learning and after checking your learning suggestion to take your decision : 

modify your configuration like this : 

Mohamed_Ahmed_Kansoh_1-1695562905393.png

>>> performing this shoud put your newly signatures in statging waiting the ( Readness period to be fininshed ) to be ready to be enforced and you will work on parallel on learning suggestions ( Accept / delete suggestions ) based on your analysis in suggestions collected from requests samples. 

I hope this helps you 🙂 

_______________________
Regards
Mohamed Kansoh

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
Mohamed_Ahmed_Kansoh
MVP
MVP

‎24-Sep-2023 06:51 - edited ‎24-Sep-2023 06:54

Hi @Wasfi_Bounni , 
Yes , it may impcat you. 

and not it depends : 

  1. you want to enforce signtaures immediately. ( may impact you and produce false positives ) 
  2. you can keep these signature under learning for a while ( Readness period "default 7 days" ) 

Open ( Security >> Application security >> Learning and blocking settinngs >>> Attack signatures ) 

- If you want to enforce it directley : 
open this : 

Mohamed_Ahmed_Kansoh_0-1695562069131.png

 

Make sure ( you're selecting enforce updated rule immediately ...... ). 
>>> by doing this all newly updated signature will be enforced directly. 

- If you want to keep updated signature for a while and in learning and after checking your learning suggestion to take your decision : 

modify your configuration like this : 

Mohamed_Ahmed_Kansoh_1-1695562905393.png

>>> performing this shoud put your newly signatures in statging waiting the ( Readness period to be fininshed ) to be ready to be enforced and you will work on parallel on learning suggestions ( Accept / delete suggestions ) based on your analysis in suggestions collected from requests samples. 

I hope this helps you 🙂 

_______________________
Regards
Mohamed Kansoh
0 Kudos

Go to solution
Wasfi_Bounni
Cirrocumulus
Cirrocumulus
In response to Mohamed_Ahmed_Kansoh

‎24-Sep-2023 18:21

thank you Mohamed.

Go to solution
boneyard
MVP
MVP

‎24-Sep-2023 11:47

It depends what you mean with "service affecting" ... as to your second question, it wont reboot the device and it will also not restart BIG-IP services or such causing general traffic interuptions.

as Mohamed explains it might affect your service if a false positive occurs in the new signatures and they are applied in blocking mode. this is always a tricky choice, perhaps some interuption but auto update. or long checking and testing. your choice in the end.

0 Kudos

Go to solution
Wasfi_Bounni
Cirrocumulus
Cirrocumulus
In response to boneyard

‎24-Sep-2023 18:21

Thank you Boneyard.

0 Kudos
Copyright © 2023 Khoros, LLC